Hardware “Security” and a DMCA Takedown Notice

tektronix-autoLast week we published a post about how it was discovered through trial and error that Tektronix application modules are designed with laughable security. We’ll get to that part of it in a minute. We received a DMCA Takedown Notice from Tektronix (which you can read after the break) demanding that we remove the post. We have altered the original post, but we believe our coverage of this story is valid and we don’t agree that the post should be completely removed.

First off, Tektronix sells the modules to unlock the features already present on the Oscilloscope in questions. We’re operating on the moral assumption that using these features without paying their asking price is wrong. If you want the features they’ve developed you should pay for them.

The real story here is that Tektronix designed a woefully weak system for unlocking these modules. Learn from this. If you’re ever designing a hardware key, don’t do it like this!

An EEPROM, a connector, and a plain text string of characters which is already published publicly on their website is all that is necessary to unlock these “crippled” features. Let’s just say that again: apparently every hardware key is the same and just uses a plain-text string found on their website which is not encrypted or obfuscated. If you were selling these keys for $2.99 perhaps this would be adequate, but Tek values these modules at $500 apiece.

If you were designing this system wouldn’t it be worth using an encryption key pair based on the serial number or some other piece of unique information? How do you think this should have been done? Leave your comment below.

[Read more...]

Your 15 Days to be Excellent

15-days-to-be-excellent

This is it. It’s time to step up and be a hardware hacker.

If you haven’t submitted your entry for The Hackaday Prize, get out that graph paper and mechanical pencil and start scribbling. The coming fortnight is your time to shine.

As of right now you have exactly fifteen days to tell us about your concept for an Open, Connected device. This doesn’t mean you have to finish the build, there’s time for that after the August 20th deadline. What you do need to do is describe your idea and explain how you plan to build a working prototype for the final deadline in early November.

I’ve appealed to your vanity — it’s hard to call yourself a hacker if you sit on the sidelines for this one! Now I’ll appeal to your want of recognition and the prizes that dreams are made of. Right now we haven’t quite crossed the 500 entry mark. When was the last time you had a chance as good as 1 in 500 for such a huge bag of booty?

New Round of Astronaut or Not: Too Cool for Kickstarter

astronaut-or-not-round3-results

Round 3 of Community Voting has drawn to a close. This time around we had nearly 60,000 votes for 420 projects! The first voter lottery drawing didn’t turn up a winner, but on Friday we ended up giving away the bench supply. We’ll cover the projects with the top votes in just a moment, but first let’s take a look at the voter lottery prize for the new round.

You must vote at least once in this new round to be eligible for the voter lottery on Friday!

voter-lottery-4-prizes

We’ve got so many prizes in the package for the fourth round of Astronaut or Not that we’re just showing you a few in this image.

On Friday morning we’ll be drawing a random number and checking it against the Hacker profiles on Hackaday.io. If that person has voted in this current round, they win. If not, they’ll be kicking themselves (emptyhandedly) for not taking part in the festivities.

This week’s prize package includes:

Now onto the results:

[Read more...]

DEFCON Shenanigans: Hack the Hackaday Hat

We don’t want to call it a challenge because we fear the regulars at DEFCON can turn our piece of hardware into a smoking pile of slag, but we are planning to bring a bit of fun along with us. I’ll be wearing this classy headgear and I invite you to hack your way into the WiFi enabled Hackaday Hat.

I’ll be wearing the hat-of-many-scrolling-colors around all weekend for DEFCON 22, August 7-10th in Las Vegas. You may also find [Brian Benchoff] sporting the accessory at times. Either way, come up and say hello. We want to see any hardware you have to show us, and we’ll shower you with a bit of swag.

Don’t let it end there. Whip out your favorite pen-testing distro and hack into the hat’s access point. From there the router will serve up more information on how to hack into one of the shell accounts. Own an account and you can leave your alias for the scoreboard as well as push your own custom message to the hat’s 32×7 RGB LED marquee.

You can learn a bit more about the hat’s hardware on this project page. But as usual I’ve built this with a tight deadline and am still trying to populate all the details of the project.

Call for Proposals: Hackaday 10th Anniversary

call-for-proposals

On October 4th Hackaday is celebrating our 10th anniversary. We’ll be hosting a live event in Pasadena that day which includes some hardware hacking, some workshops, a mini-conference, and a party. Details to follow on most of this, but we are putting out a call for proposals to those who would like to present a talk at the mini-conference. We plan to record the talks, workshops, and events so that those unable to attend can also enjoy the festivities.

The mini-conference will be about 3 hours long on the afternoon of Saturday, 10/4. We are looking for approximately four talks on topics interesting to the Hackaday community. These will be no more than 20-minutes in length with a short Q&A after.

In addition to the talks we will invite a limited number of hackers to give 7-minute lightning presentations on hardware projects they bring with them to the event.

Talk Proposals

Please email your proposal of no more than 350 words to conference -at- hackaday.com. Preference will be given to speakers who are able to be at the event in person. Exceptional presentations given via video-chat will also be considered. Talk proposals should be submitted before Friday, August 22nd. Please specify whether you will present in person or via video.

Hardware Project Lightning Talks

Please email your proposal of no more than 350 words to conference -at- hackaday.com. Your proposal should mention what stage of development/operation your hardware is currently in. Lighting talks must be presented in person.

 

16-Bobbin Rope Braiding Machine Inspired by Surplus Store Find

When the Red Bull Creation build days were past, [David] pulled us aside and asked if we wanted to see the mechanical hack he’s been working on. He built this rope braiding machine, which uses 16 bobbins, with help from his brother [Jed].

Ideas for projects always come from funny places. [David] came up with this one after finding a rope braiding machine at Ax-man Surplus. This outlet, located in the Twin Cities (Minneapolis/St. Paul, Minnesota) has been the origin for innumerable hacks. Just one that comes to mind is this electric scooter project from the ’90s.

[David] wanted to understand how the mechanism, which divides the bobbins up into groups of orbiting spools, actually works. It’s both mesmerizing and quite tough to visualize how it works without really getting in there and looking at the gearing. Thankfully you can do just that if he follows through with his plan to turn this into a kit.

In case you don’t recognize him, [David] was on the 1.21 Jigawatt’s team during this year’s Creation. We’ve also seen a couple of hacks from him in the past like this half-tone drum printer, and this bicycle frame welding jig.

18-Channel PWM Aquarium Lights Provide Habitat-Like Life for Fish

Aquarium with variable LEDs

Whether you want to keep your fish happy or just need a good light show, this aquarium light fits the bill. It is the second iteration, but [William] calls it v1. That’s because v0 — which used a few loops of LED strips — never really met his requirements.

This build uses just six LEDs, each a 30 Watt RGB monster! To source about 350 mA for each, and to control brightness with 18-channels of pulse width modulation, he had to plan very carefully. This meant a proper aluminum project box and a beefy, fan-cooled power supply.

The driver board is his own design, and he etched a huge board to hold all of the components. Everything is driven by an Arduino Mega, which has 16 hardware PWM channels; two short of what he needed. Because of this he had to spend a bit of time figuring out how best to bit-bang the signals. But he’s putting them to good use, with fish-pleasing modes like “sunset” or the “passing rainbow” pattern which is shown in the image above.

If you need something a little less traditional why not house your fish in a computer case, complete with LED marquee for displaying data.

Follow

Get every new post delivered to your Inbox.

Join 93,583 other followers